Verizon recently published its 2021 Data Breach Investigations Report (DBIR). This year, Verizon analyzed 79,635 incidents, of which 29,207 met their quality standards and 5,258 were confirmed data breaches, from 88 countries around the world.
Despite the global pandemic, the DBIR found that cybercrime continued to thrive. As in previous years, the majority of breaches were financially motivated, and most were caused by external actors illegally accessing data.
Phishing, ransomware, and web app attacks … Oh my!
Phishing and ransomware attacks, along with the continued high number of web application attacks, dominated the data breaches for 2021. Phishing attacks were present in a whopping 36 percent of breaches in this year’s dataset, representing an 11 percent increase from last year.
Ransomware attacks increased by 6 percent, accounting for 10 percent of breaches. This increase can likely be attributed to new tactics where ransomware now steals the data as it encrypts it. Ransomware has also proven to be very efficient for cybercriminals. It doesn’t take a lot of hands on keyboards and it’s a relatively easy way for cybercriminals to make a quick buck.
Web applications made up 39 percent of all data breaches. Most of the web applications attacked were cloud-based, which isn’t surprising given the increased shift to digital during the pandemic. The majority of web application attacks were carried out through stolen credentials or brute-force attacks. 95 percent of organizations that suffered a credentials management attack experienced between 637 and 3.3 billion malicious login attempts throughout the year.
If you look at breaches by region, EMEA – comprised of Europe, the Middle East, and Africa – had the highest proportion of web application attacks. This is the second year in a row that web applications accounted for the majority (54 percent) of breaches in EMEA. Not surprisingly, the most commonly breached data type in EMEA was credentials – which goes hand-in-hand with web attacks.
In Asia, web application attacks fell second to social engineering attacks, and in North America, web application attacks fell third – behind social engineering and system intrusion.
Web application threats were also prevalent across the 11 examined industries, especially in the information industry. The retail industry, which has notoriously been susceptible to web application attacks, has decreased its proportion of web application breaches.
What can organizations do to prevent web application attacks?
Applications are clearly an attack target, and they are vulnerable. Our recent State of Software Security report found that 76 percent of applications have some sort of security flaw. But our report also found that organizations that scan their code for security frequently and steadily fix half their security flaws about three weeks faster. Application security testing, done early and often, works. It might also soon be a requirement: the Biden administration’s recent executive order on cybersecurity includes requirements for software security testing, including static analysis and software composition analysis.